[New-bugs-announce] [issue3596] Provide a way to disable SSLv2 (or better yet, disable by default)
Heikki Toivonen
report at bugs.python.org
Tue Aug 19 05:06:16 CEST 2008
New submission from Heikki Toivonen <hjtoi-bugzilla at comcast.net>:
There should be a way to disable SSLv2 since it is insecure. It would be
even better if SSLv2 was disabled out of the box, but maybe there could
be a way to re-enable it.
I made the default to disable SSLv2 in M2Crypto, but those that want it
can explicitly request unsecure connection. You can take a look at
http://svn.osafoundation.org/m2crypto/trunk/M2Crypto/SSL/Context.py to
see how I did it.
Modern web browsers are also removing SSLv2 support from them, so it
should be really rare to actually need v2 anywhere.
----------
components: Library (Lib)
messages: 71404
nosy: heikki
severity: normal
status: open
title: Provide a way to disable SSLv2 (or better yet, disable by default)
type: security
versions: Python 2.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue3596>
_______________________________________
More information about the New-bugs-announce
mailing list